Ransomware victims are paying the ransom in record numbers

Intermedia examined the critical security behavioral habits of more than 1,000 office workers.

ransomware ransom

Ransomware attacks continue to grow exponentially

The threat of ransomware, when hackers infect devices with a virus and hold data hostage until a sum of money has been paid, is only getting worse. According to Cybersecurity Ventures, global ransomware damage costs are predicted to exceed $5 billion in 2017, which is up from $325 million in 2015. Our latest study shows that the average amount paid in ransom among office workers now stands at approximately $1,400.

Even with the increased publicity and impact of global ransomware attacks like WannaCry and Petya, and emerging strains such as Bad Rabbit, awareness still lags behind. About one-third (31%) of office workers admit they aren’t familiar with ransomware. This is not for lack of effort among companies though, with 70% of office workers saying their organization regularly communicates about cyber threats and nearly one-third (30%) saying their organization specifically highlighted the WannaCry ransomware attack as an example.

Employees actions may be contributing to ransomware spike

While education helps with confidence in detecting ransomware, employees aren’t always instructed on what to do if they are a victim. As a result, employees hit by ransomware may take actions that could dramatically undermine their organizations’ security efforts – and damage their bottom line.

Employees shoulder costs of ransomware payments more often than employers: Of the office workers that have fallen victim to a ransomware attack at work, the majority (59%) paid the ransom personally, and 37% said their employers paid, demonstrating employees and employers alike don’t feel like there is an alternative to paying the ransom.

For those whose organizations highlighted WannaCry specifically and have been hit by ransomware, surprisingly 69% still paid a ransom themselves, further highlighting that most office workers don’t know what to do if they are hit-

No one is immune from a ransomware attack:

  • More than 73% of impacted Millennial workers affected by ransomware, often viewed as the most computer-savvy group of employees, report paying a work-related ransom
  • 68% of impacted owners / executive management said they personally paid a work-related ransom.

“Employees are willing to go to great lengths to try to get data back, including paying ransoms out of their own pockets, even though 19% of the time the data isn’t released even after the ransom is paid. Organizations need to focus education efforts not just on what ransomware is, but what steps employees should take if they are impacted. Regular communication is especially important right now with new malware strains like Bad Rabbit posing as seemingly harmless Adobe Flash updates. There are steps that can be taken to not only prevent these attacks from happening, but also, should one occur, to get the data back without paying the ransom. Simply put, the growth in ransomware attacks is fueled by the people and organizations willing to pay a ransom,” said Jonathan Levine, CTO at Intermedia.

SMBs are particularly vulnerable to ransomware attacks

“As ransomware continues to evolve and become more advanced, organizations of all sizes and types must acknowledge it as a very real threat,” Levine continued. “This is especially true for SMBs that may not have the resources, tools or training that larger organizations use to recognize, prevent and protect themselves from such attacks. Ransomware can infiltrate and shut down an entire business through just one infected computer. More often than not, SMBs feel they are forced to pay a ransom they can’t, but must, afford. And hackers realize this.”

What organizations should do

Much of the pain and agony ransomware inflicts can be prevented. Even once the initial damage is done, educated employees can still help to contain the infection by closing their computer to get it off the network.

Employees need to know about the dangers of dealing with cybercriminals directly. Organizations cannot let shame or lack of knowledge drive their employees to feel like paying a ransom themselves is even an option. Simultaneously, organizations should have a continuous backup product. This will reduce the file restoration process down to minutes. Productivity won’t be held at a standstill, and businesses won’t need to pay the ransom in the first place.